@0nebody
Last active July 14, 2022 11:01
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: stunnel-script
  namespace: kube-system
data:
  stunnel.sh: |
    #!/bin/sh
    WAIT_TIME=60 # Time in seconds to wait before polling stunnel processes
    TIMEOUT=2 # Time in seconds to wait for response from remote EFS system connected via stunnel
    while true; do
      # EFS mounts that go through stunnel appear as nfs4 mounts against 127.0.0.1
      STUNNEL_NFS_MOUNTS=$(mount | grep nfs4 | grep 127.0.0.1 | awk '{print $3}')
      for STUNNEL_MOUNT in ${STUNNEL_NFS_MOUNTS}; do
        echo "[$(date)] Testing mount ${STUNNEL_MOUNT}"
        timeout ${TIMEOUT} stat -t "${STUNNEL_MOUNT}" >/dev/null 2>&1
        # busybox timeout ends the command with SIGTERM, which the shell reports as 143 (128 + 15)
        if [ $? -eq 143 ]; then
          echo "[$(date)] Timeout when connecting to NFS, killing stunnel process"
          # The stunnel process is matched on the mount path with "/" replaced by "."
          NAME=$(echo "${STUNNEL_MOUNT}" | sed -r 's:/:.:g')
          PROCESS=$(ps -eo user,pid,comm,args | grep stunnel | grep "${NAME}")
          PROCESS_NAME=$(echo "${PROCESS}" | awk '{ print $4, $5}')
          PROCESS_PID=$(echo "${PROCESS}" | awk '{print $2}')
          # Skip the kill (and the "Killed" log line) when no stunnel process matched
          if [ -n "${PROCESS_PID}" ]; then
            kill -9 "${PROCESS_PID}"
            echo "[$(date)] Killed process ${PROCESS_PID} '${PROCESS_NAME}'"
          else
            echo "[$(date)] No stunnel process found for ${STUNNEL_MOUNT}"
          fi
        fi
      done
      sleep ${WAIT_TIME}
    done
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: stunnel-killer
  namespace: kube-system
  labels:
    k8s-app: stunnel-killer
spec:
  selector:
    matchLabels:
      name: stunnel-killer
  template:
    metadata:
      labels:
        name: stunnel-killer
    spec:
      # hostPID exposes the node's process table so the script can find and kill the host's stunnel processes
      hostPID: true
      containers:
        - name: stunnel-killer
          # A privileged container in the host PID namespace is root-equivalent on the node,
          # so write access to this DaemonSet and the stunnel-script ConfigMap should be tightly restricted
          securityContext:
            privileged: true
          image: busybox:1.35.0
          command: ["/stunnel.sh"]
          resources:
            requests:
              cpu: 10m
              memory: 50Mi
          volumeMounts:
            # HostToContainer propagation makes NFS mounts created on the host visible under /var/lib/kubelet
            - name: kubelet
              mountPath: /var/lib/kubelet
              mountPropagation: HostToContainer
            - name: stunnel-script
              mountPath: /stunnel.sh
              subPath: stunnel.sh
      volumes:
        - name: kubelet
          hostPath:
            path: /var/lib/kubelet
            type: Directory
        - name: stunnel-script
          configMap:
            name: stunnel-script
            defaultMode: 0555